darma teja

How to fix sanitize the parameters of SqlCommand?

Dec 5 2017 8:54 AM
My code is like this:

string groupQuery = blabla;
string WhereQuery = blabla;
string cmt = String.Format("select * from Customer {0}{1} order by CustomerName", WhereQuery, groupQuery);
SqlCommand cmd1 = new SqlCommand(cmt);

Everything is working fine. But at SqlCommand(cmt); Visual Studio suggests that I "Make sure to sanitize the parameters of this SQL command".

How can I fix it?
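The warning in the question points at SQL text assembled with String.Format. The following is an added example, not code from the original post, showing the WHERE fragment built so that values are bound as SqlParameter objects and column names come from a fixed allow-list. The column names, the filter dictionary and the CustomerQuery class are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class CustomerQuery
{
    // Hypothetical columns: caller-supplied name -> exact identifier allowed in the SQL text.
    static readonly Dictionary<string, string> AllowedColumns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "CustomerName", "CustomerName" }, { "City", "City" }, { "Country", "Country" }
        };

    // Identifiers are taken from the allow-list; values never enter the SQL string.
    public static SqlCommand Build(IDictionary<string, string> filters)
    {
        var cmd = new SqlCommand();
        var clauses = new List<string>();
        int i = 0;
        foreach (var f in filters)
        {
            string column;
            if (!AllowedColumns.TryGetValue(f.Key, out column))
                throw new ArgumentException("Column not allowed: " + f.Key);
            string p = "@p" + i++;
            clauses.Add("[" + column + "] = " + p);
            // Explicit type and size keep the value as data on the server side.
            cmd.Parameters.Add(p, SqlDbType.NVarChar, 200).Value = f.Value;
        }
        string where = clauses.Count > 0 ? " where " + string.Join(" and ", clauses) : "";
        cmd.CommandText = "select * from Customer" + where + " order by CustomerName";
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input; the apostrophe would break a concatenated query.
        var filters = new Dictionary<string, string>
        {
            { "City", "Pune" }, { "CustomerName", "O'Brien" }
        };
        using (SqlCommand cmd = Build(filters))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value);
        }
    }
}
```

Assign a SqlConnection to the returned command before executing it; a GROUP BY fragment, if one is needed, can be validated against the same allow-list.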

Answers (4)